incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From svilen ...@svilendobrev.com>
Subject replication on touchdb and authentication
Date Fri, 08 Feb 2013 10:17:06 GMT
g'day

i'm trying to replicate a per-user database to/from touchdb on mobile
device. And i can't figure out how to do the authentication. On
server side, each user owns a database. same on mobile device (in case
there are more users).

The only thing working on both android and ios seems to be
the remote target/source url to contain user+pasw inside like
http://user:passw@remote:5984/dbname
which means user/psw will stay in the replicator database.. 
and/or require user to login each time, or store them elsewhere too.
which isn't good for usability/security.

so i wanted to do cookie-based /_session authentication, but i don't see
where to put the cookie (eventually obtained by manualy POSTing on
server/_session). 

it was suggested by Robert Newson that it can go into target :
> You can use cookie auth for the replication using this little known
> API variant;
> "target": {"url" : "http://host:port/db",
>   "headers":{"cookie":"AuthSession=foo"}}

but looking at the source for both android/ios, the target/source is
just a single string.

next is oauth-like authentication but i don't understand how to use it
at all.

any pointers for either way? 
or should i forget token-authenticated-replication for now?

ciao
svilen

Mime
View raw message